Main Vulnerability Database Vulnerabilities #VU36451

Input validation error in Google Android - CVE-2018-9362

Published: November 6, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36451

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-9362

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611.

How to mitigate CVE-2018-9362

Install update from vendor's website.

Input validation error in Google Android - CVE-2018-9362

Detailed vulnerability description

How to mitigate CVE-2018-9362

Sources

Please verify you're human